5 Comments

CBC - a canonical mode, even though there are streaming modesStreaming mode is developer friendly. You don't have to call cipher.finalize() at the end. You also don't need to create a special buffer (more room for error!) when you are reading from a device with a different block size and/or packet fragmentation.

are CFB and OFB really meant for streaming?If it simply truncates the last segment, how does it know to correctly decrypt it? I find the name for these block modes deceiving, because there's still a requirement for the data to come in 128/256 bit chunks. Think of it this way: if you get packet fragmentation during transmission you'll get a decryption error, right?